
How to Get info from AD for computer


alac...@gmail.com

Jul 3, 2007, 4:07:54 AM
Hi,

First of all, sorry for my English...

I want to have a list of the computers on my domain and when each was
last seen.


------------------------------------------------------------------------------------------------------
Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
    "SELECT name FROM " _
    & "'LDAP://DC=XXX,DC=XXX'" _
    & " WHERE objectClass='computer' "
Set objRecordSet = objCommand.Execute

' MoveFirst is not needed and raises an error on an empty result set;
' EOF is already True when nothing matched.
Do Until objRecordSet.EOF
    Wscript.Echo "Name: " & objRecordSet.Fields("name")
    objRecordSet.MoveNext
Loop
------------------------------------------------------------------------------------------------------

I would like a "select" like that : "Select name, lastview ...."

Thanks

Richard Mueller [MVP]

Jul 3, 2007, 11:53:56 AM
There is no attribute called "lastview". What do you mean by "last seen"?
There is no attribute that indicates when any object was last browsed.

The "modifyTimeStamp" attribute indicates when the object was last changed
in Active Directory.
The "pwdLastSet" attribute indicates when the system last reset the
password. For computer objects, this happens by default every 30 days.
The "lastLogon" attribute indicates when the computer last authenticated to
the domain.

The last two attributes are Integer8, which is a 64-bit number. They require
special code to convert to a date. The last attribute is not replicated, so
you need to query every Domain Controller in the domain for the latest
value.

If you are searching for unused computer accounts, you can use Joe Richards'
free oldcmp utility. See this link:

http://www.joeware.net/win/free/tools/oldcmp.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

alac...@gmail.com

Jul 4, 2007, 7:15:37 AM
Thanks for your help.

I am looking for unused computers. I will use the attribute
"lastlogon".

I am currently trying to convert the "lastlogon" attribute. In
VBScript this attribute is an object, the date is stored in the
HighPart and the time in the LowPart. Do you have information on how I
could get the date? I can't find anything.

Thank you


alac...@gmail.com

Jul 4, 2007, 9:44:09 AM
GOT IT !!!

I found how to convert the "lastlogon" attribute :

----------------------------------------------------------------
(...)
var = objRecordSet.Fields("lastLogon")
'wscript.echo objRecordSet.Fields("Name").Value & " " & isobject(var) & " - " & isnull(var)
If IsObject(var) Then
    ' Integer8 value: two signed 32-bit halves
    lngHigh = var.HighPart
    lngLow = var.LowPart

    ' LowPart is signed; compensate when it is negative
    If lngLow < 0 Then
        lngHigh = lngHigh + 1
    End If

    If (lngHigh = 0) And (lngLow = 0) Then
        ' No logon recorded on this Domain Controller
        dtmDate = objRecordSet.Fields("modifyTimeStamp").Value
    Else
        ' 100 ns ticks since 1/1/1601 -> minutes, minus lngBias, -> days
        ' (lngBias is not defined in this excerpt)
        dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / 600000000 - lngBias) / 1440
    End If
Else
    dtmDate = objRecordSet.Fields("modifyTimeStamp").Value
End If
(...)
----------------------------------------------------------------

Now I can delete computers which are no longer on the domain

Thx for your help

Richard Mueller [MVP]

Jul 4, 2007, 12:06:26 PM
> GOT IT !!!
>
> Thx for your help

Remember that lastLogon is not replicated. A different value for each
computer is saved on every Domain Controller. There is a good chance you
will retrieve a value of 1/1/1601 even if the computer authenticated today.
You must query every Domain Controller in the domain to find the latest
value. You have a few options:

1. Use a tool like Joe Richards' oldcmp, which has several options and
handles the complications of Integer8 values and lastLogon not being
replicated.

2. Use a VBScript program that uses ADO to query every Domain Controller for
the largest lastLogon value for every computer. I have an example VBScript
program that does this for all users linked here:

http://www.rlmueller.net/Last%20Logon.htm

This program can be modified to retrieve the lastLogon dates for all
computers by changing this line:

strFilter = "(&(objectCategory=person)(objectClass=user))"

to this:

strFilter = "(objectCategory=computer)"

3. Retrieve the value of the pwdLastSet attribute. Although this is Integer8
so the same techniques are required to convert the value to a date, at least
this attribute is replicated. You don't know exactly when the account was
last used, but you know within 30 days.

I have an example VBScript program that searches AD for all computers where
pwdLastSet corresponds to a date a specified number of days in the past,
then disables the accounts and moves them to a designated OU. The program is
linked here:

http://www.rlmueller.net/MoveOldComputers.htm

Finally, to delete a computer object you can bind to the object and invoke
the DeleteObject method. For example:
=============
Set objComputer = GetObject("LDAP://cn=TestComputer,ou=Sales,dc=MyDomain,dc=com")
objComputer.DeleteObject (0)
============

The parameter (0) is required. I hope this helps.
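
An added example (not part of the original thread, and not code from the scripts linked above) that works through the two points made in this reply in Python: rebuilding and converting an Integer8 value, and keeping the largest lastLogon seen on any Domain Controller before deciding that a computer account is unused. The computer names, the DC names dc1/dc2, the 90-day cutoff and all sample values are constructed assumptions; reading the values from each DC is left out so the block runs offline.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=UTC)  # Integer8 / FILETIME epoch

def integer8_from_parts(high_part, low_part):
    """Rebuild the 64-bit value from the two signed 32-bit halves ADSI exposes."""
    # Masking LowPart to unsigned has the same effect as the thread's
    # "If lngLow < 0 Then lngHigh = lngHigh + 1" correction.
    return (high_part << 32) + (low_part & 0xFFFFFFFF)

def filetime_to_utc(ticks):
    """Integer8 dates count 100 ns intervals since 1601-01-01 UTC; 0 = never set."""
    if not ticks:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def to_ticks(dt):
    """Inverse conversion, used only to build the constructed sample below."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def latest_logon(per_dc):
    """lastLogon is not replicated, so keep the largest value any DC holds."""
    return max(per_dc.values(), default=0)

def stale_computers(inventory, now, max_age_days=90):
    """Return (name, last logon or None) for computers past the cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    report = []
    for name in sorted(inventory):
        seen = filetime_to_utc(latest_logon(inventory[name]))
        if seen is None or seen < cutoff:
            report.append((name, seen))
    return report

# Constructed sample: lastLogon as read from two hypothetical DCs (dc1, dc2).
NOW = datetime(2007, 7, 5, tzinfo=UTC)
SAMPLE = {
    "PC-ALPHA": {"dc1": 0, "dc2": to_ticks(datetime(2007, 7, 3, 8, 0, tzinfo=UTC))},
    "PC-BETA": {"dc1": to_ticks(datetime(2006, 11, 20, tzinfo=UTC)),
                "dc2": to_ticks(datetime(2007, 1, 15, tzinfo=UTC))},
    "PC-GAMMA": {"dc1": 0, "dc2": 0},
}

if __name__ == "__main__":
    for name, seen in stale_computers(SAMPLE, NOW):
        print(name, seen.isoformat() if seen else "never logged on")
```

PC-ALPHA shows the case described above: dc1 alone reports no logon at all, while dc2 holds a recent one, so only the merged value keeps the account off the stale list.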

alac...@gmail.com

Jul 5, 2007, 2:36:46 AM
Thanks for your help, I will try these scripts and tools today.

In my script I didn't specify a domain controller:
"'LDAP://DC=XXX,DC=XXX"
I specify only the domain name, maybe all domain controllers are
asked?

I think I will find good information in these scripts ;)
But I prefer making a document with the list of the computers (like an
Excel) and disabling the accounts myself.

Thanks


alac...@gmail.com

Jul 5, 2007, 5:24:41 AM
"I specify only the domain name, maybe all domain controllers are
asked?"

I have the answer: NO
When there is a lastlogon, sometimes the dates are not the same (depending
on which domain controller the script asks) and sometimes there is no
lastlogon.
I think I will use a part of your script to select all Domain
Controllers to take all lastlogon.
